Data Monitoring: Helps with Personal DataBy Kevin Fogarty | Posted 2008-07-21 Email Print
By searching data going out through your firewalls, a data monitoring appliance builds a searchable index that shows IT managers what kinds of unstructured, sensitive data are being sent out. Two companies are using the technology to help avoid customer data loss, thwart rogue-employee activity and stay in better compliance.
For example, with this technology you can place a monitoring agent on, say, a customer database or other competitive, sensitive information that watches the flow of data and the profile that is accessing it. This agent sees the activity of data and whose system it was being moved to including mobile devices that are plugged in to the network, such as iPods, iPhones, USB drives, or other easily transportable systems.
“After the discovery you have to discover [know] what people are doing with that information because once it leaves your organization, that is the highest risk, because you have no further control over it," says Bhatt.
Tosheff and Bhatt both use the Reconnex product to help the company demonstrate its compliance with security rules, but also to enforce internal rules or policies about the appropriate use of company networks and computers. During tax season, for example, many ARC employees email tax documents either from work or through the same Internet connections they use to access servers at the office.
"So when we see that, we tell people, 'You know, you're sending very personal information across the Internet in the clear,' and they're very grateful for the warning," Bhatt says.
"It also lets people know that you really are monitoring what they're doing on the Internet the way you told them you were in the classes where you educate them about what's appropriate use of technology or handling sensitive data," Tosheff says.
The Reconnex products come in two primary parts – an x86-based server with all the required software already loaded, and a console IT managers can use to configure the monitor and gather reports or more ad hoc data. The process of finding and identifying types of data going through the firewall depends on sophisticated data-mining algorithms.
It works essentially like a search engine, sitting on its custom-designed server, filtering data as it goes out through the firewall and building an index of what data is being sent, and by whom. It uses IP addresses, LDAP and Active Directory profiles to identify specific users and connect them with the data they sent. The real configuration issue has nothing to do with the appliance, according to Tosheff and Bhatt. The real work is in creating an internal listing of what data the company owns, where it's stored and – most important – what specific types of data are sensitive.
"Every company has some kind of intellectual property they'd like to protect, but it's not always as clear as credit card numbers or other data with patterns that are easy to define," Bhatt says. "You have to go to each of your business units and ask them what kind of information they have and what would be the cost if they lost it, or if someone outside were to get ahold of it."
Without a fairly rigorous idea of what kinds of data you need to protect, it's impossible to build a query to discover how much of a risk the company faces, Tosheff says. It's possible to just read through the index and logs, but that's inefficient and arbitrary, Tosheff says.
The only way to get a good handle on data leakage is to put filters and logs on every exit point from the network and use tools such as Reconnex' s to keep track of the data employees are sending out, and the communications channels they use to do it, Tosheff says. Doing that with a large company could require installing a whole series of Reconnex appliances to avoid having to route all data through one gateway, Tosheff says.
The Reconnex appliance starts at $19,000 for a basic installation, and costs can rise to several hundred thousand, depending on the amount of data and number of points on the network that should be guarded. Most companies would want to have more than one appliance, Bhatt says, one on each Internet gateway is the best way to get the most value and the best security, he says. That means spending another $19,000 for every gateway, and potentially more money on consulting help from Reconnex, which helps customers set up processes they can use to inventory their existing data, profile data customers consider sensitive, and to set flags and automated reports to notify security managers when security policies are violated.
"You don't want to put all your guards on one door, then leave the other unguarded," Tosheff says. "You need to take a more architectural approach."